mirror of https://gitlab.isc.org/isc-projects/dhcp synced 2025-08-22 09:57:20 +00:00

- Strict checks for content of domain-name DHCPv4 option can now be

configured during compilation time. Even though RFC2132 does not allow
  to store more than one domain in domain-name option, such behavior is
  now enabled by default, but this may change some time in the future.
  See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
  [ISC-Bugs #24167]
Tomek Mrugalski 2011-07-01 12:07:09 +00:00
parent f8cc78bad3
commit d15aa96419
6 changed files with 48 additions and 28 deletions


@ -174,6 +174,13 @@ work on other platforms. Please report any problems and suggested fixes to
- In Solaris 11 switch to using sockets instead of DLPI, thanks - In Solaris 11 switch to using sockets instead of DLPI, thanks
to a patch form Oracle. [ISC-Bugs #24634]. to a patch form Oracle. [ISC-Bugs #24634].
- Strict checks for content of domain-name DHCPv4 option can now be
configured during compilation time. Even though RFC2132 does not allow
to store more than one domain in domain-name option, such behavior is
now enabled by default, but this may change some time in the future.
See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.
[ISC-Bugs #24167]
Changes since 4.2.0 Changes since 4.2.0
- Documentation cleanup covering multiple tickets - Documentation cleanup covering multiple tickets


@ -4201,8 +4201,13 @@ static int check_option_values(struct universe *universe,
/* just reject options we want to protect, will be escaped anyway */ /* just reject options we want to protect, will be escaped anyway */
if ((universe == NULL) || (universe == &dhcp_universe)) { if ((universe == NULL) || (universe == &dhcp_universe)) {
switch(opt) { switch(opt) {
case DHO_HOST_NAME:
case DHO_DOMAIN_NAME: case DHO_DOMAIN_NAME:
#ifdef ACCEPT_LIST_IN_DOMAIN_NAME
return check_domain_name_list(ptr, len, 0);
#else
return check_domain_name(ptr, len, 0);
#endif
case DHO_HOST_NAME:
case DHO_NIS_DOMAIN: case DHO_NIS_DOMAIN:
case DHO_NETBIOS_SCOPE: case DHO_NETBIOS_SCOPE:
return check_domain_name(ptr, len, 0); return check_domain_name(ptr, len, 0);
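Review bot: The new `#ifdef ACCEPT_LIST_IN_DOMAIN_NAME` branch under `case DHO_DOMAIN_NAME:` passes the value to `check_domain_name_list()`, whose definition is not in any visible hunk, so it cannot be confirmed here that every list element gets the same character checks as `check_domain_name()`. The comment above the switch says these options are rejected because they need protecting, so the relaxed branch should state its contract, e.g. `/* list form: every element must still pass the check_domain_name() rules */`. The two single `case DHO_HOST_NAME:` lines look like a move of that label below the new block, which would keep host-name on the strict single-name check; the page has lost its +/- markers, so that reading is inferred. The enclosing function starts and ends outside the hunk.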


@ -3324,6 +3324,33 @@ int parse_boolean_expression (expr, cfile, lose)
return 1; return 1;
} }
/* boolean :== ON SEMI | OFF SEMI | TRUE SEMI | FALSE SEMI */
int parse_boolean (cfile)
struct parse *cfile;
{
enum dhcp_token token;
const char *val;
int rv;
token = next_token (&val, (unsigned *)0, cfile);
if (!strcasecmp (val, "true")
|| !strcasecmp (val, "on"))
rv = 1;
else if (!strcasecmp (val, "false")
|| !strcasecmp (val, "off"))
rv = 0;
else {
parse_warn (cfile,
"boolean value (true/false/on/off) expected");
skip_to_semi (cfile);
return 0;
}
parse_semi (cfile);
return rv;
}
/* /*
* data_expression :== SUBSTRING LPAREN data-expression COMMA * data_expression :== SUBSTRING LPAREN data-expression COMMA
* numeric-expression COMMA * numeric-expression COMMA
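Review bot: `parse_boolean()` returns 0 both for a valid `false`/`off` and for an unrecognised token, so a caller cannot tell a mistyped value from an explicit false. A setting that was meant to be switched on is then left off, with only the `parse_warn` message as a trace. The function is added here whole, and the header hunk places its prototype next to `parse_boolean_expression`, so it appears to become a shared helper; the header comment should state the contract, e.g. `/* Returns 1 for true/on, 0 for false/off; also returns 0 after parse_warn on any other token. */`. `token` is assigned from `next_token()` but never read; either drop it with `(void) next_token (&val, (unsigned *)0, cfile);` or use it to reject unexpected token types before the `strcasecmp` calls.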


@ -1899,7 +1899,6 @@ void parse_failover_state (struct parse *,
#endif #endif
int permit_list_match (struct permit *, struct permit *); int permit_list_match (struct permit *, struct permit *);
void parse_pool_statement (struct parse *, struct group *, int); void parse_pool_statement (struct parse *, struct group *, int);
int parse_boolean (struct parse *);
int parse_lbrace (struct parse *); int parse_lbrace (struct parse *);
void parse_host_declaration (struct parse *, struct group *); void parse_host_declaration (struct parse *, struct group *);
int parse_class_declaration (struct class **, struct parse *, int parse_class_declaration (struct class **, struct parse *,
@ -1982,6 +1981,7 @@ int parse_if_statement (struct executable_statement **,
struct parse *, int *); struct parse *, int *);
int parse_boolean_expression (struct expression **, int parse_boolean_expression (struct expression **,
struct parse *, int *); struct parse *, int *);
int parse_boolean (struct parse *);
int parse_data_expression (struct expression **, int parse_data_expression (struct expression **,
struct parse *, int *); struct parse *, int *);
int parse_numeric_expression (struct expression **, int parse_numeric_expression (struct expression **,


@ -216,3 +216,10 @@
source port of the message it received. This is useful for testing source port of the message it received. This is useful for testing
but is only included for backwards compatibility. */ but is only included for backwards compatibility. */
/* #define REPLY_TO_SOURCE_PORT */ /* #define REPLY_TO_SOURCE_PORT */
/* Define this if you want to allow domain list in domain-name option.
RFC2132 does not allow that behavior, but it is somewhat used due
to historic reasons. Note that it may be removed some time in the
future. */
#define ACCEPT_LIST_IN_DOMAIN_NAME
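Review bot: The comment reads as an opt-in ("Define this if you want to allow…"), but the `#define ACCEPT_LIST_IN_DOMAIN_NAME` below it is active, unlike the commented-out `/* #define REPLY_TO_SOURCE_PORT */` just above. A default build therefore accepts the list form that the comment itself says RFC2132 does not allow. The comment should say so and tell the builder how to get the strict check, e.g. `/* Enabled by default: accept a domain list in the domain-name option. Comment this out to enforce the single-name form RFC2132 specifies. */`.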


@ -1721,32 +1721,6 @@ cleanup:
pool_dereference (&pool, MDL); pool_dereference (&pool, MDL);
} }
/* boolean :== ON SEMI | OFF SEMI | TRUE SEMI | FALSE SEMI */
int parse_boolean (cfile)
struct parse *cfile;
{
enum dhcp_token token;
const char *val;
int rv;
token = next_token (&val, (unsigned *)0, cfile);
if (!strcasecmp (val, "true")
|| !strcasecmp (val, "on"))
rv = 1;
else if (!strcasecmp (val, "false")
|| !strcasecmp (val, "off"))
rv = 0;
else {
parse_warn (cfile,
"boolean value (true/false/on/off) expected");
skip_to_semi (cfile);
return 0;
}
parse_semi (cfile);
return rv;
}
/* Expect a left brace; if there isn't one, skip over the rest of the /* Expect a left brace; if there isn't one, skip over the rest of the
statement and return zero; otherwise, return 1. */ statement and return zero; otherwise, return 1. */